
ms-sentinel-mcp-server

by dstreefkerk

sentinel_analytics_rule_template_get

Retrieve a specific Microsoft Sentinel analytics rule template to configure threat detection and security monitoring workflows.

Instructions

Get a specific Sentinel analytics rule template

Input Schema

| Name | Required | Description | Default |
| --- | --- | --- | --- |
| kwargs | Yes | | |

Implementation Reference

  • The SentinelAnalyticsRuleTemplateGetTool class implements the tool handler. It defines the tool name, description, and the async run method that extracts the template_id parameter, retrieves Azure context, fetches the template using the SecurityInsights client, and returns a summary with full details or an error.
    class SentinelAnalyticsRuleTemplateGetTool(MCPToolBase):
        """
        Get details for a specific Sentinel analytics rule template by ID.

        Returns a dict with summary fields and full template details, or error details.
        """

        name = "sentinel_analytics_rule_template_get"
        description = "Get a specific Sentinel analytics rule template"

        async def run(self, ctx: Context, **kwargs):
            """
            Get details for a specific analytics rule template by ID.

            Parameters:
                ctx (Context): MCP context object.
                template_id (str): The ID of the analytics rule template to retrieve.
                **kwargs: Accepts template_id as direct key or via kwargs["kwargs"].

            Returns:
                dict: Template summary and details, or error dict.
            """
            logger = self.logger

            # Extract template_id using the centralized parameter extraction from MCPToolBase
            template_id = self._extract_param(kwargs, "template_id")
            if not template_id:
                logger.error(
                    "No template_id provided for analytics rule template retrieval."
                )
                return {"error": "No template_id provided."}

            # Extract Azure context
            workspace, resource_group, subscription_id = self.get_azure_context(ctx)
            if not (workspace and resource_group and subscription_id):
                logger.error(
                    "Missing Azure Sentinel context for analytics rule template retrieval."
                )
                return {"error": "Missing Azure Sentinel context."}

            # Get client
            client = self.get_securityinsight_client(subscription_id)
            try:
                template = client.alert_rule_templates.get(
                    resource_group, workspace, template_id
                )
                template_dict = (
                    template.as_dict() if hasattr(template, "as_dict") else dict(template)
                )
                summary = {
                    "id": template_dict.get("id"),
                    "name": template_dict.get("name"),
                    "displayName": template_dict.get("display_name")
                    or template_dict.get("displayName"),
                    "description": template_dict.get("description"),
                    "kind": template_dict.get("kind"),
                }
                summary["_full"] = template_dict
                return summary
            except Exception as e:
                logger.error("Error retrieving analytics rule template: %s", e)
                # pylint: disable=consider-using-f-string
                return {"error": f"Error retrieving analytics rule template: {str(e)}"}
  • The register_tools function registers all analytics tools with the MCP server, including the SentinelAnalyticsRuleTemplateGetTool via its register class method.
    def register_tools(mcp):
        """
        Register all analytics tools with the given MCP server instance.

        Args:
            mcp: The MCP server instance to register tools with.
        """
        SentinelAnalyticsRuleListTool.register(mcp)
        SentinelAnalyticsRuleGetTool.register(mcp)
        SentinelAnalyticsRuleTemplatesListTool.register(mcp)
        SentinelAnalyticsRuleTemplateGetTool.register(mcp)
        SentinelAnalyticsRulesCountByTacticTool.register(mcp)
        SentinelAnalyticsRuleTemplatesCountByTacticTool.register(mcp)
        SentinelAnalyticsRulesCountByTechniqueTool.register(mcp)
        SentinelAnalyticsRuleTemplatesCountByTechniqueTool.register(mcp)

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/dstreefkerk/ms-sentinel-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server.